General subscription conditions

PREAMBLE

A. Shipup, a simplified joint stock company, registered in the Nanterre Trade and Companies Register under number 822 856 068, whose head office is located 47 rue Marcel Dassault, 92100 Boulogne-Billancourt, France (hereinafter “Shipup”), France (hereinafter “Shipup”) develops, publishes and markets a SaaS solution for improving the post-purchase experience, intended for retailers and e-retailers. This solution is standard and intended to satisfy the needs of the largest number of customers.

B. The Customer acknowledges that prior to the conclusion of the Contract, it was able to read (i) the functionalities of the solution offered by Shipup, and that it was sufficiently informed and advised to take stock of Shipup's offer and thus ensure that it meets its needs and expectations, and (ii) where applicable, of Shipup's commercial proposal, which has - with these general conditions of subscription (the “Conditions” General”) - formed the basis for pre-contractual discussions between the Parties.

C. BY SIGNING THE SUBSCRIPTION FORM, THE CUSTOMER IS DEEMED TO HAVE READ ALL THE DOCUMENTS CONSTITUTING THE CONTRACT AS DEFINED IN ARTICLE 3, AND TO HAVE DULY ACCEPTED THEIR TERMS, WITHOUT MODIFICATION, ALTERATION, OR RESERVATION. THE CONTRACT IS MATERIALIZED BY THE SIGNING OF THE SUBSCRIPTION FORM REFERRING TO THESE GENERAL TERMS AND CONDITIONS. IN THIS RESPECT, THE SIGNATORY OF THE SUBSCRIPTION FORM EXPRESSLY GUARANTEES TO SHIPUP THAT HE HAS SUFFICIENT LEGAL AUTHORITY TO REPRESENT AND VALIDLY ENGAGE THE CUSTOMER AS IDENTIFIED IN THE SUBSCRIPTION FORM.

D. Acceptance of the Contract by electronic means has, between the Parties, the same probative value as an agreement on paper. Shipup nevertheless recommends that the Customer keep a printed version of each document constituting the Contract.

‍

1. DEFINITIONS

The terms and expressions referred to in the Contract and beginning with a capital letter, will have for the Parties the meaning defined in this article, whether in the singular or the plural.

“Affiliated” : any entity that, directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with a Party to the Contract; the term “Control” being understood as meaning given by article L 233-3 of the Commercial Code. With respect to the Customer, affiliates who directly or indirectly operate (through intermediaries) a business that competes with Shipup should not be considered Affiliates.

“Anomaly” : any malfunction of the Solution - when used in accordance with the terms of the Contract and the Documentation - reproducible and documented by the Customer.

” Subscription form ”: refers to the document designating in particular the Customer, as a contracting entity, the Pack, the options, the Duration, and the applicable financial conditions. The Initial Subscription Form refers to the Initial Pack, as well as the Initial Period and the related financial conditions (the “Initial Subscription Form”). Any subscription form — to constitute a Subscription Form within the meaning of the General Conditions — must be duly filled in by the Customer, accepted by Shipup, and signed by both (2) Parties, including its annexes.

” Customer ”: refers to the legal person intervening in the framework of its professional activity, identified and signatory of the Subscription Form.

“Third-party component (s)” : third-party components, proprietary or open source, integrated into the Solution, and necessary for its use.

” General conditions ”: these general conditions of subscription to the Application Service, their preamble and their annexes 1, 2 and 3.

“Consumables” : fees such as SMS or WhatsApp defined, if applicable, in the Subscription Form. Prices according to Consumables are provided in the Subscription Form.

” Service Level Agreement ” (” SLA ”): the service level agreements provided for in Appendix 2.

“Contract” : the contractual documents referred to in article 3, as well as any amendment established in accordance with the terms of the Contract.

“Effective Date” : the date defined in the reference Subscription Form.

“Documentation” : the User documentation relating to the Application Service, and any Update to this documentation, as made available to the Customer as part of the Application Service, on the medium chosen by Shipup.

“Personal Data” : any data concerning an identified or identifiable natural person, in accordance with article 4-1) of the GDPR.

“Login Data” : the username and password of the User allowing access to the Application Service, as communicated to each User in accordance with the terms of article 6.2.

” Customer Data ” : any information or data, including Personal Data, in particular data relating to the Customer's customers and the follow-up of their orders, that the Customer enters, completes, transmits and/or receives as part of the Application Service.

“Intellectual Property Rights” or “IPR” : intellectual property rights of any kind, whether registered or not, and all requests, renewals, and extensions of such rights, including, without limitation, copyrights, copyright, software rights, database rights, database rights, rights to semiconductor topography, rights to semiconductor topography, rights to semiconductor topography, rights to designs, models, patents, trademarks, service marks, names commercial, domain names, know-how rights, trade secrets and/or all other intellectual property rights and equivalent or similar forms of protection, existing and/or future, worldwide.

” Duration ”: collectively the Initial Period and the Renewal Period (s).

“Customer Environment” : the Customer's hardware and computer equipment, allowing the Customer to access the Application Service.

” Features ”: the various functionalities of the Application Service offered to the Customer as part of the Application Service (Pack), chosen by the Customer in the reference Subscription Form. The Features can be linked to the chosen Pack or subscribed at an additional cost. They are independent of the Number of Packages and Consumables if applicable.

“Accommodation” : the hosting of the Solution, including the maintenance of the Infrastructure, and the provision of storage and processing of Customer Data, making it accessible to it, as part of the Application Service.

“Business Hours”: from 9 am to 6 pm (Paris time, France) during Business Days in France.

“Business Day (s)” : Monday to Friday, excluding public holidays in France.

“Infrastructure”: computer equipment (telecom infrastructure, hardware and software) belonging to Shipup or that Shipup is authorized to use for the needs of its business, on which the Solution is hosted.

“Personal Data Protection Laws and Regulations” : the laws and regulations in force within the European Union, the European Economic Area and their Member States relating to the processing of Personal Data, in particular Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms in its current version (the “Data Protection Act”) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 relating to the protection of natural persons at with regard to the processing of personal data and to the free movement of persons of this data, and repealing Directive 95/46/EC (the “GDPR”).

“Maintenance” : the provision of Updates and Technical Support as part of the Application Service subscribed by the Customer.

“Update (s)” : all modifications, bug fixes and improvements made to the Solution and/or Documentation and provided to the Customer, as and when they are available as part of the Application Service, excluding any Additional Services.

“Package Number” : the number of packages followed by the Customer through the Application Service, during a monthly and/or annual period in question.

“Pack”: the content and extent of the Features and Associated Services subscribed by the Customer under the Subscription Form (s), for the Initial Period and any Renewal Period if applicable. The Effective Date Pack (the “Initial Pack”) is defined in the Initial Subscription Form, for the Initial Period, and may be extended under the conditions provided for in the Contract.

“Initial period”: the first firm contractual period of commitment by the Customer, starting on the Effective Date and defined in the initial Subscription Form. The Initial Period may be renewed under the conditions provided for in article 4.

“Technical Prerequisites” : the list of the characteristics of the equipment (hardware, operating system, Internet connection with sufficient bandwidth), necessary for the activation and use of the Solution, as described on the Effective Date, in appendix 1; as well as any related developments during the Duration.

“Malicious Programs”: viruses, worms, programmed bombs, Trojan horses, and other harmful and malicious codes, files, scripts, agents and/or programs.

“Service (s) ”: collectively the Application Service, the Associated Services and the Additional Services.

“Additional Services”: any extension of the Initial or Reference Pack, including in particular new Features and New Associated Services, not included in the Initial or Reference Subscription Form, and subject to an additional order in accordance with the terms of article 12.4.

” Application service” : the provision of the Shipup Solution in “SaaS” mode, i.e. online, including Hosting and Maintenance.

“Associated Services” : services, other than the Application Service, as subscribed by the Customer under the reference Subscription Form.

“Shipup Solution”/“Solution” : the software solution, as described in appendix 1, property of Shipup (and/or its licensors) and the Documentation, including any Updates made available to Users as part of the Application Service, within the limits of the Pack.

“Technical Support” : the provision of technical support relating to the Solution.

“User” : any natural person (agent, employee, service provider acting in the name and on behalf of the Customer) authorized by the Customer to use the Application Service and under the responsibility of the latter.

‍

2. OBJECT

The purpose of the Contract is to define the terms and conditions under which the Customer benefits from the Services, and in particular, under which Shipup (i) grants to the Customer who accepts it, the limited, personal, non-exclusive and non-transferable right to access and use the Application Service, for its own commercial needs, for its own commercial needs, for the Pack and for the Duration, and (ii) provides the Associated Services in return for the full payment of the corresponding price in application of the financial conditions defined in the reference Subscription Form.

‍

3. CONTRACT DOCUMENTS

3.1 The Contract consists of the following contractual documents, listed below, in descending order of priority:

- The Subscription Form, including its appendices;

- The General Conditions which consist of this document, including its preamble (the “body of the General Conditions”) and the following annexes:

- Appendix 1: description of the Solution; Technical Prerequisites at the Effective Date

- Appendix 2: Security; Service Agreement “SLA”

- Appendix 3: Personal Data Processing

In the event of a contradiction between one or more stipulations in any of the above documents, the higher-ranking document will prevail. In the event of a contradiction between several versions of the same contractual document, the most recent version will prevail.

3.2 The Contract constitutes the entire agreement between the Parties with respect to its subject matter. The Contract cancels and replaces all declarations, negotiations, commitments, commitments, communications, oral or written, accepted, and prior agreements between the Parties, relating to the subject matter hereof. In particular, the Contract replaces any general conditions of use of the Solution included in it, where applicable, with regard to the use of the Application Service by the Customer, and any general conditions of purchase of the Customer.

3.3 Unless otherwise expressly provided in the Contract, in particular with regard to extensions of the Initial Pack or in force, under the conditions provided for in 12.4, any modification of the Contract must be the subject of a written amendment signed by the authorized representatives of each Party.

‍

4. DURATION

The Contract will take effect as of the Effective Date. The Contract is concluded for the Initial Period defined in the Initial Subscription Form, and where applicable, for any subsequent renewal period, in the event of renewal under the terms of this article (the” Renewal period (s) ”), unless cancelled early in accordance with the terms of these General Terms and Conditions.

At the expiry date of the Initial Period and any Renewal Period, and subject to the contrary stipulation in the Subscription Form, the Contract will be renewed by tacit renewal, for successive Renewal Periods of duration identical to the Initial Period or of the Renewal Period concerned within a limit of 12 months per period, within a limit of 12 months per period, unless notified by one of the Parties of its desire not to renew the Contract, by email with a request for confirmation of receipt, subject to 30 days' notice before the due date, as provided for in the Subscription Form, in which case the Contract will be cancelled at the end of the current contractual period.

‍

5. OBLIGATIONS OF THE PARTIES

5.1 Common obligations of the Parties

Each Party undertakes to alert the other Party of any event of which it is aware that may affect the Services and/or the commitments of the Parties and this as the Contract is executed, and in general, to ensure a high level of responsiveness in the event of difficulty and/or incident encountered in the execution of the Services.

5.2 Shipup Obligations

Shipup is committed to providing the Services with all the care and diligence of a professional. Thus, Shipup provides the Associated Services as defined in the Subscription Form, and undertakes to respect the service levels provided for in the SLA with respect to the Application Service, if applicable.

5.3 Customer Obligations

The Customer undertakes to:

• fulfill its obligations under the Contract, and in particular pay Shipup the amounts due under the Contract to Shipup, in accordance with the reference Subscription Form;
• cooperate with Shipup in good faith and in a reasonable manner with respect to all matters relating to the Services;
• respond as soon as possible to any request, made by Shipup, to provide information, to give approvals or authorizations, or to make decisions that are reasonably necessary for Shipup to provide the Services in accordance with the Agreement;
• provide its own documents or provide information about itself that Shipup may reasonably request in order to provide the Services, and ensure that such documents or information is complete/complete and accurate in all circumstances; and
• maintain the level of knowledge necessary to use the Service optimally, in accordance with the documentation provided and the best practices communicated by Shipup. It is the Customer's responsibility to ensure that its users have the skills required to effectively use the functionalities of the Service.

6. APPLICATION SERVICE

6.1 Prerequisites

6.1.1 The Customer declares to have been informed of the Technical Prerequisites at the Effective Date as described in Appendix 1.

Shipup reserves the right to change the Technical Prerequisites during the duration of the Contract, in particular as a result of the evolution of the Application Service and in particular of the Solution.

The Customer is responsible for the acquisition of the elements of the Customer's Environment, in particular the subscription to the services of an internet access provider (not included in the Application Service) in order to ensure the compatibility of the Customer's Environment with the latest version of the Solution; the Customer Environment being under the sole responsibility of the Customer.

Likewise, it is the Customer's responsibility to implement all appropriate procedures and measures in order to protect its systems, network, workstations, hardware, software, data and passwords, against any Malicious Program and intrusions.

The Customer acknowledges that a Customer Environment that does not comply with the Technical Prerequisites may cause a deterioration in the quality of the Application Service, or even its dysfunction, for which Shipup cannot in any way be held responsible.

6.1.2 The Customer acknowledges and accepts that the training of Users, involving the proper reading of the Documentation, is a prerequisite for the proper use of the Application Service.

6.2 Opening the Application Service and Connection Data

Access to the Solution is carried out from the Customer's Environment using the Connection Data.

The Connection Data is intended to reserve access to the Solution only to Users, to protect the integrity and availability of the Solution, as well as the integrity, availability and confidentiality of Customer Data as processed by Users.

As of the Opening Date of the Service, Shipup provides the Customer with access to the Solution for at least one (1) User in charge of allocating Login Data to other Users. Each User is the owner of their Login Data.

Login Data is confidential. Any access to the Solution with the Login Data is deemed to have been made by the Users.

A User's Login Data can be deleted and, if necessary, new Login Data can be created, via the Solution's functionality provided for this purpose.

The Customer is solely responsible for the use and storage of Connection Data. Consequently, the Customer is solely responsible for implementing methods and measures to protect the Connection Data and the Customer's Environment against any intrusion or virus.

In the event that the Customer is aware of the loss, theft, access or unauthorized disclosure of the Connection Data, he undertakes to (i) immediately change the Connection Data according to the procedure set up by Shipup and (ii) inform Shipup immediately.

Shipup reserves the right to change the Login Data for security reasons and will inform the Customer, as far as possible in advance. Shipup cannot under any circumstances be held responsible for any irregular or fraudulent use of Login Data.

6.3 Rights granted

6.3.1 In consideration of the payment by the Customer of the price due to Shipup for the Application Service, Shipup grants the Customer a personal, non-exclusive, non-transferable or otherwise transferable right to access and use the Solution for its sole needs only, in accordance with its professional destination, in accordance with its professional destination, for the Duration and the terms and conditions of the Contract, Documentation and Reference Pack.

6.3.2 The Customer is solely responsible for the use of the Solution by the Users, which is carried out under its control and direction, and is committed to the respect of the Contract by the Users. Consequently, the Customer is solely responsible for any damage caused by himself, or one of the Users to third parties as a result of his/their use of the Solution.

No rights to the Solution, other than those expressly granted to the Customer under the Contract, are granted to him.

In particular, and unless otherwise stipulated in the Contract, the Customer is prohibited in particular from:

1. sell, distribute, rent, share, use within a service office, publish, associate with a link or communicate or otherwise transfer to a third party (other than a User) all or part of the rights granted to him on the Solution, and in general to allow any third party other than a User, to access the Solution by any means whatsoever, including free of charge;
2. reproduce, adapt, modify, arrange, translate, translate, debug, debug, decompile or disassemble all or part of the Solution, or create any work derived from the Solution, reverse engineer, disassemble, decompile, recreate all or part of the Solution, recreate all or part of the Solution, use any robot, spider, Scraper or other unauthorized automated means in order to access the Application Service, or to engage in any Scraping, data extraction, extraction of content from websites, grouping of data or indexing on all or part of the Solution and/or allowing a third party (s) to perform such acts, except in the cases and under the conditions provided for by law; 

3. perform and/or disclose the results of tests or performance tests of the Solution, without the prior written authorization of Shipup;
4. attempt to gain unauthorized access to the Application Service or associated systems or networks;
5. alter or disrupt the integrity or execution of the Application Service and/or damage or erase all or part of the data contained therein;
6. modify, alter, or remove copyright notices, trademarks, or any other intellectual property privileges appearing in or on the Solution and/or the Documentation, or allowing it to be identified;
7. use the Solution in order to develop or market any product, software or service (i) whose functions would be similar or identical to those of the Solution or (ii) which would be derived from it, (iii) likely to compete with the Solution or (vi) that could be used for any other purpose not explicitly authorized in the Contract;
8. use the Application Service in order to introduce any Malicious Code and/or illegal elements; and/or;
9. use the Solution in the context of activities likely to contravene legislation or regulations in force, in particular, activities whose object or content (i) would encourage the commission of any offense, crime or offense; (ii) would promote false or misleading information; (iii) would infringe on a person's personality rights, in particular their privacy and/or Personal Data.

The Customer is authorized to use and reproduce the Documentation for the sole purposes of the use of the Application Service by Users.

6.4 Accommodation

Shipup ensures the Hosting of Customer Data and the Application Service on the Infrastructure under the conditions provided for in Appendix 2.

‍

7. QUALITY AND AVAILABILITY OF THE APPLICATION SERVICE; MAINTENANCE

From the Service Opening Date, Shipup undertakes to respect its quality and availability commitments in accordance with the SLA and the Subscribed Pack.

In particular, Shipup will make available to the Customer any Update that is generally made available to other Shipup customers.

Shipup reserves the right to modify the Solution and in general the Application Service, in whole or in part, in whole or in part, at its sole discretion, subject to the maintenance of the Features subscribed to as part of the Reference Pack and compliance with the SLA, in particular due to technological advances and changes in legislation, which the Customer expressly acknowledges. Shipup undertakes, if the modification is likely to have an impact on the use of the Services by the Customer, to inform the Customer in writing.

‍

8. INTELLECTUAL PROPERTY RIGHTS

8.1 The Solution, the Updates and all associated intellectual property rights remain the exclusive property of Shipup and/or its licensors. In general, all intellectual property rights arising from the Services provided by Shipup under the Agreement are and will remain the sole and exclusive property of Shipup, and the Agreement does not transfer ownership in this respect.

Shipup retains ownership of its methods, know-how, processes, processes, processes, processes, documents, documents, databases, general and/or specific programs and of all information as well as its hardware and software tools implemented for the execution of the Services. In order to remove any ambiguity, it is specified that Shipup will be able to use the lessons learned from the implementation of the Services as part of its activities.

8.2 The Solution may contain one or more Third-Party Components. Shipup grants to the Customer, on the basis of the licenses acquired from its licensors, and unless expressly stipulated otherwise in the Agreement, a right to use these Third-Party Components according to the terms and conditions of the Agreement or, where applicable, the terms and conditions specific to the licenses related to these components.

8.3 The Customer undertakes to inform Shipup without delay of any unauthorized use of the Solution of which he is aware.

8.4 Eviction guarantee

Shipup undertakes to defend the Customer at its own expense against any allegation against the Customer (the” Complaints ”) relating to the infringement in France of a third party's Intellectual Property Right, attributable to the Solution (the” Attacks ”).

In this context, Shipup bears the damages to which the Customer may be condemned, by a court decision that has become final or resulting from a transaction, as well as any related costs (in particular, reasonable lawyer fees) borne and duly justified by the Customer.

This warranty applies subject to the condition that:

• the Shipup Solution and in general the Application Service have been used in full compliance with the terms and conditions of the Contract and the Documentation;
• the Customer has notified Shipup in writing of any Claim against him as soon as it occurs;
• the Customer has allowed Shipup to have the sole direction and control of the defense, and of any negotiation with a view to an amicable agreement; it being specified that Shipup will be the sole judge of the advisability of dealing with such a hypothesis.
• the Customer collaborates in good faith in this defense by providing all the information and assistance necessary for this purpose,

If an Infringement Claim should be directed against the Customer, or Shipup considers that this is likely to occur, the Customer agrees that Shipup, at its own expense and at its sole discretion: (i) modify or replace the relevant element of the Solution with an equivalent Pack replacement module in order to stop the infringement; or (ii) obtain the right for the Customer to continue to use the element (s) concerned. If the above measures are not reasonable from a commercial point of view, the Contract may be cancelled under the conditions provided for in article 20.1.

In any event, Shipup is exempt from any liability under this article, if the Claim is based on any modification of the Solution that has not been made by Shipup, and/or in the following cases: (i) any use of the Solution by the Customer (and in general of the Application Service) that is not in accordance with the Agreement, Documentation and/or instructions of Shipup, and/or (ii) continued use of the Solution by the Customer despite the notification referred to above and/or the provision of an Update or replacement module that could have avoided or ended it, and/or (iii) if the Complaint is based on the use of the Solution as made within the framework of the Customer's Environment, or on the use of Customer Data in the context of the operation of the Solution.

The above guarantees do not apply to Third-Party Components referred to in article 8.2 subject to specific license conditions, in particular, those subject to open source licenses.

Shipup's obligations under this section will constitute Shipup's sole obligations, and Customer's exclusive remedy in respect of an Infringement.

8.5 Customer Contributions

The Customer may, at any time, submit to Shipup a comment or a suggestion concerning the Application Service and in particular the Solution, in particular concerning any improvements or modifications that could in its opinion be made to it (hereinafter collectively referred to as the “” Contributions ”).

Shipup acknowledges and accepts that such Contributions are then provided “as is” and without warranty of any kind.

The Customer acknowledges and accepts that the communication of its Contributions does not generate any obligation for Shipup, both in terms of consideration and implementation, and of a financial nature.

In any event, and where applicable, the Customer agrees to transfer ownership of all of its Contributions, in sole consideration for the rights to use the Solution granted to it under the Contract. Shipup may therefore use, reproduce and/or adapt them for any use, without geographical restrictions, at its sole discretion and without the Customer's prior agreement being required. Likewise, and in order to remove any ambiguity, it is specified that all inventions, discoveries and improvements to the Solution designed and/or made by Shipup based on the Contributions will be the exclusive property of Shipup and/or its licensors.

‍

9. CUSTOMER DATA

9.1 The Customer guarantees that it has all the rights required to use Customer Data, including Personal Data, within the framework provided for in the Contract.

In addition, as part of the right to use the Application Service granted to him, the Customer is prohibited from sending or storing data that is not related to his professional activities.

The Customer grants Shipup, for the Term, a non-exclusive and personal right to access and use Customer Data, as well as any element made available to it by the Customer, in order to enable it to provide the Services and/or to fulfill its contractual obligations.

Likewise, the Customer acknowledges that Shipup may use the Customer Data for the operations necessary for Shipup to establish its invoices and usage statistics as well as to provide any explanation concerning the execution of the Application Service. In addition, Shipup may analyze, reproduce, manipulate and compile information extracted from Customer Data, in order to create statistics or aggregated and anonymized data, and Shipup may, during and after the Term, use and communicate such statistics or data at its discretion, in particular for the security and management of operations as part of the Application Service, and/or for research and development purposes for the design, improvement and the marketing of the Application Service. Shipup will retain all Intellectual Property Rights over the results of these statistical treatments.

9.2 The Customer acknowledges and accepts that it is solely responsible for all Customer Data and/or data received in any way by the Customer, as part of the Application Service. It will be the sole responsibility of the Customer to provide, update, update, load and store all Customer Data.

Shipup is not required to control the Customer Data transmitted and/or the data received by the Customer and cannot under any circumstances be held responsible for them.

9.3 The Customer is solely responsible - and guarantees Shipup in this capacity in the event of a complaint - for the quality, legality and compliance with laws and regulations and public order (Customer Data must not contain any Malicious Program or element that is defamatory, offensive, libelous, libelous, libelous, harassing, harassing, abusive, abusive, fraudulent, pornographic, obscene or otherwise unlawful), the relevance, and the non-prejudicial nature of with respect to third parties, Customer Data (in any manner whatsoever, including in the event of a violation of Intellectual Property Rights) Personal Data Protection Laws and Regulations), and in general, for any content posted on the Solution under the Contract, for which Shipup can in no way be held responsible.

9.4 Consequently, the Customer undertakes to defend, indemnify and protect Shipup from all liability with respect to claims, actions, proceedings, losses, damages and other costs and expenses incurred or to be paid by Shipup arising from or in connection with the Customer's use of the Application Service, in particular any use of Customer Data that is not in accordance with the Agreement and/or the Documentation, or that would violate the provisions of point 9.3 of this article.

Any amicable settlement related to such a claim requires the consent of Shipup, which cannot be withheld without legitimate reason.

9.5 Notwithstanding the above, and in the event that Shipup is informed that the Customer Data does not comply with the terms of the Contract and more generally of any use of the Services for illegal purposes, or in case of an emergency, or in case of emergency, Shipup reserves the right, at its sole discretion, by operation of law, by operation of law, without notice, without any prior formality and without liability to the Customer, to delete this Customer Data and/or refuse access to this Customer Data and/or access to the Solution.

‍

10. PERSONAL DATA

The Customer acknowledges and accepts that the Customer is acting as a “data controller” within the meaning of the Personal Data Protection Laws and Regulations and to the extent that Personal Data is stored and/or processed under the Agreement, Shipup acts as a “data processor” within the meaning of the above Laws and Regulations.

The Customer guarantees that no applicable legal or regulatory requirements prevent Shipup from complying with its obligations under the Contract. In addition, the Customer guarantees Shipup that it has obtained the consent, if necessary, of all persons concerned and that it has duly informed them prior to the collection, processing, storage, storage, use and sharing of their Personal Data.

More generally, the methods relating to the processing of Personal Data in the context of the Services are defined inappendix 3.

‍

11. SAFETY

Each Party shall implement appropriate technical means to ensure data security and shall notify the other Party without delay of any fact that may constitute an attack on the physical or logical security of the environment of the other Party.

In particular, Shipup will implement reasonable technical and organizational measures, in accordance with the state of the art, to maintain the integrity and confidentiality of Customer Data, in particular to prevent any fraudulent access or use of Customer Data and/or any loss, alteration, or destruction of Customer Data that may be attributable to Shipup. To this end, Shipup will implement the data backup operations described in the SLA, and the measures defined in theappendix 2.

‍

12. FINANCIAL CONDITIONS

12.1 Prices, billing conditions

The prices and the billing terms are provided in the Subscription Form.

Unless otherwise stipulated in the Subscription Form, the prices of the Services will be invoiced as follows:

• a minimum fixed fee for the Pack subscribed by the Customer under the reference Subscription Form, independent of the Number of Packages and Consumables, invoiced to the Customer monthly in due date. In case of subscription to Additional Services, the provisions of article 12.4 will apply.
• a variable fee, depending on the Number of Packages processed by Shipup for the Customer and, where applicable, the Consumables consumed during the monthly reference period, according to the rates provided in the Subscription Form. These fees are invoiced to the Customer monthly in due date.

It is expressly agreed that Shipup reserves the right to keep requests concerning the tracking of packages received while using the Solution. These requests will constitute proof between the Parties for the purposes of calculating the levels of use of the Application Service by the Customer. They thus allow Shipup to calculate the amount of variable fees as described above, taking into account the Number of Packages actually tracked through the Application Service and the Consumables actually consumed during the monthly reference period.

It is specified that the Pack subscribed by the Customer for the current contractual period cannot under any circumstances be revised downwards during this period. Invoices will be drawn up by Shipup and sent to the address indicated on the Customer's account.

The Customer's commitment to pay under the Contract is firm and irrevocable. Payments due and/or made under the Contract remain due and/or acquired by Shipup.

12.2 Payment terms

Unless otherwise stipulated in the Subscription Form, invoices issued by Shipup are payable in euros (€), within thirty (30) days following their date of receipt, according to the methods described in the Subscription Form.

12.3 Taxes

The amounts indicated do not include taxes, in particular VAT (value added tax) in force on the day of invoicing.

12.4 Additional services

Any Functionality and/or Associated Services not expressly defined in the reference Subscription Form are not included in the Pack.

In general, any request for Additional Services must therefore be the subject of either (i) an additional Subscription Form equivalent to the reference Subscription Form, under the financial conditions defined in the reference Subscription Form, or failing that, to the pricing conditions then in force; or (ii) a separate contract, depending on the nature of the Additional Services. Unless otherwise stipulated in the Subscription Form or the separate contract concerned, the Additional Services will be invoiced monthly in due date.

12.5 Amendment

Shipup reserves the right to change the price of the Services, and will inform the Customer of the new price, in writing, during the renewal phase, before the end of the Initial Period and/or any current Renewal Period.

The Customer is therefore free to renew the Contract or not, under the conditions provided for in article 4. In the absence of notification by the Customer of his desire not to renew the Contract under the conditions provided for in article 4, the modification of the prices of the Services will be deemed accepted, and will be applicable as part of the billing for the next Renewal Period.

In addition, the Customer acknowledges and accepts that the prices relating to Consumables listed in the Subscription Form may be modified during the Term, in particular according to the rates applied by Shipup's suppliers. The latter will inform the Customer in writing.

12.6 Default in payment

Failure to pay the amounts due by the Customer by the due date will automatically result in the invoicing of late interest on the amount of the amounts due at a rate equal to three (3) times the legal interest rate in force as well as a fixed compensation for recovery costs in the amount of forty (40) euros in accordance with the provisions of article L441-10 of the Commercial Code, notwithstanding the reimbursement of the actual recovery costs, justified on bill.

In addition, and without prejudice to any damages, in the event of non-payment of any amount due by the Customer to Shipup within a period of ten (10) Business Days following a reminder sent by Shipup to the Customer, Shipup will be entitled to (i) suspend access to the Services temporarily until full payment of the amount due, without such suspension being assimilated to a contractual breach by Shipup, and/or (ii) terminate the Contract by operation of law, without prejudice to any damages and interests, within ten (10) Working Days after formal notice sent to the Customer by registered letter with acknowledgement of receipt. By express agreement, such suspension or termination may not constitute a breach by Shipup of its contractual obligations and the Customer will bear all the consequences of such suspension or termination.

‍

13. CONFIDENTIALITY

13.1 Each Party (the” Receiving part ”) undertakes to keep confidential the information and documents concerning the other Party (the” Disclosing Party ”) of any nature, in any form or medium whatsoever, to which it has access (in writing, oral or in any manner whatsoever) during the execution of the Contract concerning in particular, technology, designs and models, techniques, research, know-how, know-how, specifications, specifications, specifications, specifications, specifications, product plans, product plans, pricing, information on Customer customers, data on Users, current or future strategic information, current or future business plans, policies or practices, the information on employees, as well as other commercial and technical information of a Party (hereinafter the”Confidential Information“), with care at least equivalent to that it takes to preserve its own Confidential Information, and to take all necessary measures to prevent, without the prior written authorization of the Disclosing Party, disclosure, voluntary or involuntary, directly or indirectly, to any person other than its employees or collaborators assigned to the performance of the Contract. By express agreement, the terms and prices of the Contract are considered confidential.

It is expressly agreed that (i) the terms of the Contract will be deemed to constitute Confidential Information of both Parties; (ii) the Shipup Solution constitutes Shipup Confidential Information, and (iii) the Customer Data will be deemed to constitute Confidential Information of the Customer.

The Parties undertake to (i) not use the Confidential Information for purposes other than for the purposes of the execution of the Contract, to (ii) to limit access to this Confidential Information to only their personnel, agents and service providers whom they could use, who reasonably need to know this Information for the purposes of performing the Contract and being bound by confidentiality obligations equivalent to those of this article and to (iii) not to copy or reproduce, of any kind whatsoever, Confidential Information, except for the strict needs of the execution of the Contract, and in a limited number.

The Parties are committed to the respect of this clause by their staff, agents and service providers.

Notwithstanding the above, each Party may, under the strictest confidentiality, communicate the Contract and the related documents to its insurance broker, its auditors, its legal advisers, or to fiscal and social organizations.

13.2 The communication by the Disclosing Party of Confidential Information under the Contract may not, under any circumstances, be interpreted as conferring, expressly or implicitly, on the Receiving Party any Intellectual Property Right on the Confidential Information and on the elements (software, manufacturing secrets, manufacturing secrets, brands, know-how, etc.) to which the Confidential Information relates.

13.3 Notwithstanding the foregoing, will not be considered Confidential Information if any information:

1. already known by the Receiving Party even before the date of its disclosure by the Disclosing Party to the Receiving Party, in the absence of any fault attributable to the Receiving Party;
2. received in good faith and in a lawful manner by the Receiving Party, from a third party who, to the knowledge of the Receiving Party, is not bound by any confidentiality agreement prohibiting such disclosure;
3. entry into the public domain prior to or after its disclosure, in the absence of any fault attributable to the Receiving Party;
4. which is the result of internal developments undertaken in good faith by staff members of the Receiving Party who did not have access to Confidential Information, provided that the Receiving Party is in a position to prove that it did not use or refer to this Confidential Information during the above internal developments;
5. whose use or disclosure has been expressly authorized by the Disclosing Party.

13.4 The restrictions referred to in this article will not apply to information that the Receiving Party is required to disclose pursuant to a law or regulation, a judicial or administrative decision, or at the request of a State agency, provided, however, that the Receiving Party informs the Disclosing Party in writing and assists the Disclosing Party in obtaining the protection of Confidential Information from disclosure to the public.

13.5 Subject to the provisions of article 20.4, the Receiving Party undertakes to return or destroy without delay any physical media containing Confidential Information in any form whatsoever, upon simple written request from the Disclosing Party. In any event, the Receiving Party undertakes to return the Confidential Information without delay upon the written request of the Disclosing Party at the end of the Contract regardless of the reason, unless otherwise expressly agreed between the Parties.

At the written request of the Disclosing Party, the Receiving Party will promptly certify in writing that it has fulfilled the obligations of this section.

13.6 The confidentiality obligation referred to in this article takes effect retroactively from the start of the negotiation of the Contract, and will end five (5) years after the termination of the Contract for any reason whatsoever.

‍

14. REFERENCES

The Customer authorizes Shipup to use the Customer's name and logo in order to include them on (i) customer lists published on Shipup's website and (ii) Shipup's marketing materials, including on social networks used by Shipup. Likewise, subject to the Customer's prior written agreement on the wording of the press release, Shipup may announce in a press release the relationship it maintains with the Customer under the Contract.

The Parties agree that the communications referred to in this article will in no way constitute a violation of article 13 of the General Conditions.

‍

15. DECLARATIONS AND WARRANTIES

15.1 Common Declarations and Warranties

Each Party represents and warrants to the other that:

1. it is a validly incorporated company with all the capacity necessary to conclude the Contract and perform all the obligations arising from it. It has obtained, where applicable, all internal or external authorizations, as well as all necessary consents, in order to conclude and perform the Contract;
2. neither the signing of the Contract, nor the performance of the obligations arising from it, are contrary to any provision of its statutes, to a law applicable to it, to a stipulation of a contract or commitment to which it is a party or to an arbitration or judicial decision concerning such Party.

15.2 Shipup Declarations and Warranties

Shipup represents and warrants that the Solution, used in accordance with the terms of the Agreement and the Documentation, substantially complies with the Documentation.

Shipup represents and warrants that it will provide the Services competently and professionally.

Shipup does not guarantee that (i) the functions contained in the Solution will meet the specific needs of the Customer, (ii) the operation of the Application Service will be uninterrupted and/or that the Solution is free of bugs, errors or any other defects and/or (iii) the results obtained as a result of the use of the Application Service.

Except as otherwise expressly provided in the Agreement and to the extent permitted by applicable law, Shipup excludes all warranties, representations and/or other commitments of any kind, express or implied.

15.3 Customer Declarations

The Customer declares to have a good knowledge of the Internet, its characteristics and its limits. In particular, the Customer acknowledges that (i) the technical reliability of data transmission via the Internet is relative, as they circulate on heterogeneous networks whose characteristics and technical capabilities are diverse and which are - from time to time - overloaded and/or may be subject to malfunctions; (ii) the Customer's equipment is connected to the Solution under its sole responsibility; (iii) the communication of Customer Data and, in general, of any information, is done at the risk and peril of the Customer and under its sole responsibility; (iv) the Customer is responsible for the security relating to the operation of the Solution and for access to the Application Service which are under its sole control, in particular in order to avoid intrusions by unauthorized third parties (v) Users having access to the Solution, said Solution and the Application Service may be subject to intrusions by unauthorized third parties, and therefore, be corrupt.

For the reasons mentioned above, Shipup cannot provide any guarantees in this regard and therefore cannot be held responsible for any damage inherent in these uses of the Internet network and computer and telecommunications systems.

‍

16. RESPONSIBILITY

16.1 Each Party is responsible for the performance of its obligations under the Contract.

16.2 Shipup is bound by a general obligation of means under the Contract.

16.3 Shipup can only be liable for direct and foreseeable damages arising from the execution of the Contract, regardless of the nature and/or cause of the action.

Any indirect, material, intangible or unforeseeable damage and in particular in the event of interruption of the functioning of the Solution and/or Services, loss of operation, commercial damage, loss of customers, any commercial disturbance, loss of brand image, loss or damage of data, loss or damage of data, costs relating to the time spent by its agents and/or service providers, costs relating to the time spent by its agents and/or service providers, in the acquisition or subscription to a third party alternative service/solution suffered by the Customer, one or more User (s) and/or by a third party, may in no case give rise to a compensation to the Customer, even if Shipup has been informed of such damage.

Under no circumstances may Shipup be held liable in the event of fault, negligence, omission or failure on the part of the Customer (including other service providers and suppliers chosen by the latter and intervening within the framework of the Contract), in particular in the event of transmission of erroneous information, and/or in the event of Force Majeure.

In any event, it is expressly agreed that Shipup's total liability under the Contract may not - all causes combined, principal, interests and expenses - exceed the price excluding taxes paid by the Customer for the Services during the twelve (12) months preceding the event giving rise to Shipup's liability.

In any event, Shipup cannot under any circumstances be held liable for (i) unauthorized and/or fraudulent access to the Application Service; (ii) the use by the Customer and/or Users of data processing means other than those made available to the Customer by Shipup; (iii) non-compliance with the Contract, Documentation and/or recommendations of Shipup; and/or (iv) any facts causing damage over which the latter does not have control, such as resulting from the connection of the Customer's Environment to the Solution, the abusive use and/or misuse of data, Customer Data, and/or Connection Data, the disruption of the telecommunications network or the Internet and more generally of any element that can be attributed to a third party, to the Customer and/or to its Users.

The Parties expressly agree that any action by the Customer against Shipup, regardless of the nature or basis, is time-barred beyond a period of twelve (12) months from the date of its triggering event.

The Parties acknowledge that these limitations and exclusions of Shipup's liability reflect the distribution of risks under the Agreement and the economic balance required by the Parties on the one hand and that the Agreement would not have been concluded without these limitations and exclusions and that they will remain in force, even in the event of termination or resolution of the Agreement.

‍

17. INSURANCES

Shipup undertakes to take out professional liability insurance with any insurance company of its choice and in general any insurance policy likely to cover all the risks relating to the execution of the Contract.

‍

18. FORCE MAJEURE

18.1 The responsibility of the Parties cannot be incurred in the event of non-performance of their obligations or delay in their execution which would be the result of a case of force majeure as defined by article 1218 of the Civil Code and French case law. Without this list being exhaustive, they are cases of force majeure:: (i) natural disasters (fires, explosions, floods, storms, earthquakes); (ii) armed conflicts, acts of terrorism, riots or insurrections; (iii) pandemics, epidemics or any decision of public authorities affecting the execution of the Contract; (iv) strikes, lockouts, or other social conflicts affecting third parties and directly impacting the execution of contractual obligations; (v) large-scale cyber attacks, causing the unavailability of services, despite the security measures in place; (vi) failures in telecommunications and Internet infrastructures not attributable to Shipup; and (vii) failures of hosting providers or third party services essential to the execution of the Contract, as long as no reasonable alternative solution is available. (hereinafter” Force Majeure ”).

18.2 As soon as one of the Parties is aware of the occurrence of a Force Majeure Event, it informs the other Party by registered letter with acknowledgement of receipt, indicating the circumstances and information relating to the Force Majeure Event, and takes all measures reasonably necessary to limit its effects. The occurrence of a Force Majeure Event will initially automatically suspend the execution of the Contract, except for the Customer's payment obligation, which remains fully applicable. As soon as the effect of impediment due to the Case of Force Majeure ceases, these obligations resume for the period remaining to run on the date of suspension, increased by the duration of suspension. However, if a Case of Force Majeure prevented the execution of the Contract for a period of more than ninety (90) calendar days, each Party would be free to request the termination of the Contract, without notice and without compensation, by registered letter with acknowledgement of receipt.

‍

19. EXCLUSION OF UNFORESEEABILITY

The Parties declare that they have measured and accepted the risks inherent in the execution of the Contract. Unless otherwise stipulated, the Parties expressly renounce the application of article 1195 of the Civil Code.

20. TERMINATION — EFFECTS OF END OF CONTRACT — REVERSIBILITY

Apart from the expiry of the term provided for in article 4 of the Contract, the Parties may terminate the Contract under the following conditions.

1. Termination for breach

Each Party may invoke the termination of the Contract with immediate effect and by operation of law in the event of violation by the other Party of its contractual obligations, at the end of a notice of 15 calendar days following the receipt of a formal notice by registered letter with acknowledgement of receipt describing in detail the nature and precise dates of the occurrence of the violation or the breach that has remained without effect.

2. Other cancellation cases

Each of the Parties may terminate the Contract by registered letter with acknowledgement of receipt,

1. in the event of liquidation or receivership of the other Party, to the extent authorized by law;
2. under the conditions provided for in article 18 of the General Conditions;

In addition, Shipup may terminate the Contract under the conditions referred to in article 12.6 of the General Terms and Conditions.

3. End of contract effects

At the end of the Contract for any reason whatsoever:

1. Subject to the specific provisions on reversibility referred to in article 20.4, all rights granted to the Customer under the Application Service and all Associated Services under the Contract cease. In particular, the Customer ensures that all Authorized Users stop using the Login Data;
2. the Customer undertakes to pay all amounts due under the Contract to Shipup within the contractual deadlines, without any compensation or deduction being possible; the amounts paid to Shipup under the Contract otherwise remaining the property of Shipup;
3. all Confidential Information transmitted by one Party to the other Party is returned to the other Party, or destroyed, within one (1) calendar months following the written request of the Receiving Party of Confidential Information (subject to the implementation of the reversibility referred to in Article 20.4); and
4. the provisions relating, respectively, to Intellectual Property, Responsibility and Indemnification, Guarantees, Guarantees, Guarantees, Customer Data, Personal Data, Confidentiality, End of Contract Effects, Reversibility as well as all stipulations intended, by nature, to survive the end of the Contract, will remain in force for the duration that will be necessary to give them the intended effect.

4. Reversibility

Shipup will keep Customer Data for a period of one (1) calendar month from the date of expiration or termination of the Agreement. During this period, the Customer may request in writing from Shipup, at the address support@shipup.co, the return of Customer Data as recorded at the end of the last backup made in a format and on the standard market medium of Shipup's choice, without additional billing, without additional billing, subject to the Customer having satisfied all of its payment obligations under the Contract.

At the end of this return and in any event, after the above period, Shipup will have no obligation to store or provide the Customer with the Customer Data, and will be free to delete them, unless otherwise provided by law.

Any additional service relating to the return and expressly requested by the Customer, will be the subject of a financial proposal by Shipup.

‍

21. STAFF

Each Party is responsible for the supervision, exclusive control and administrative, social and accounting management of its employees and, where applicable, its subcontractors.

22. COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS

Each Party will comply with all laws, rules, regulations, and ordinances applicable to its activities under the Contract.

In particular, the Customer undertakes to strictly comply with the regulations applicable to the control of the export of technologies, in particular but not limited to, in France, the European Union, the United Kingdom and the United States.

‍

23. SUBCONTRACTING; ASSIGNMENT OF THE CONTRACT

24.1 The Customer expressly authorizes Shipup to subcontract all or part of its rights and obligations under the Agreement, including with respect to the processing of Personal Data, to any third party of its choice, subject to any stipulation contrary toAppendix 3. Shipup then remains solely responsible for the compliance by the subcontractors with its obligations under the Contract.

24.2 The Parties may not assign the Contract or any of the rights granted to them, without the prior written authorization of the other Party, who cannot refuse to give it without just cause. Any transfer made in violation of this article will be null and void.

Notwithstanding the above, each Party may freely and with written information from the other Party, assign or otherwise transfer the Agreement to an Affiliate and/or as part of a merger or absorption of the business, and/or a sale of a substantial part of its assets (provided, in the case of the Customer, that the beneficiary entity does not have a business competing with that of Shipup), provided that the assignee agrees to be bound by all the provisions of the Contract.

In the event of an assignment of the Contract under this article, the Contract will be binding on any successor and assignee of the Parties, and by express agreement, the assignor will be relieved of all liability to the other Party under the Contract, from the date of written notification of the transaction in question to the other Party, and cannot be held responsible for the performance of the Contract by the assignee.

‍

24. VARIOUS STIPULATIONS

25.1 Relationships between the Parties. The Parties are independent legal persons, acting in their own name and under their sole responsibility. Under no circumstances may the Contract be considered as an act constituting a mandate relationship, franchise or any legal entity. Each Party undertakes not to make a commitment in the name and on behalf of the other Party.

25.2 Non-Waiver. The fact, for one of the Parties, of invoking late or of not invoking a breach by the other Party cannot constitute, for the future, a waiver of invoking the breach in question. Any waiver will be enforceable only if it has been expressed in a writing signed by a representative duly authorized by each Party.

25.3 Partial nullity. If one or more provisions of the Contract are held to be invalid or declared as such pursuant to a law, regulation or following a final judicial decision, the other stipulations will remain in full force and scope.

25.4 Proof between the Parties. In accordance with article 1126 of the Civil Code, the Parties accept that electronic means of communication be used to correspond or transmit information. Such use will not in itself constitute a breach of any obligation of confidentiality. The files, data, messages and computerized registers stored in the computer systems of each Party will be accepted as proof of communications between them, provided that the Party from which they emanate can be identified and that they are established and maintained in conditions such as to guarantee their integrity.

By express agreement, the acceptance of the Contract by electronic means has the same probative value between the Parties as an acceptance by paper medium. In particular, the Parties undertake not to challenge the validity of the conclusion of this Contract, which by mutual agreement between the Parties is concluded by an electronic signature process. The electronic signature is implemented by an independent service provider chosen by Shipup, offering guarantees in accordance with French legal requirements, which keeps the Customer's signature certificates. In this context, Shipup cannot under any circumstances be held responsible for damages resulting from the loss of integrity of the electronic signature.

25.5 Notifications. < success@shipup.co >Unless otherwise stipulated in the General Conditions concerning in particular notifications by registered letter with acknowledgement of receipt, the Parties may deliver any notification provided for in the Contract by email with confirmation request to the email address indicated, for the Customer, for the Customer, when he created his account, for Shipup, at the following address:. The notifications sent in this way will be deemed to have been made on the date of receipt of the email.

25.6 Language. The Contract is written in French. If a translation of the Contract was carried out, only its version in French would have contractual value. In addition, all communications between the Parties relating to the execution of the Contract will be carried out in French.

25.7 Headlines. The titles appear in the Agreement only for ease of reading and will not be used to interpret the content of the Agreement.

25. APPLICABLE LAW; JURISDICTION

The Contract will be governed by and interpreted in accordance with French law. In the event of difficulty in the interpretation or execution of the Contract or of a dispute between the Parties relating to it, the Parties will endeavor to resolve their dispute amicably. In the absence of amicable resolution, any disputes that may arise between the Parties relating to the validity, interpretation, execution or termination of the Contract will be subject to the exclusive jurisdiction of the Paris Commercial Court, with the exception of any dispute relating to Intellectual Property Rights which will be subject to the exclusive jurisdiction of the Paris Judiciary, regardless of the place of performance of the Contract, the domicile of the defendant, and this even in the event of a plurality of defendants claims, warranty claims, summary proceedings or conservatory proceedings.

‍

Appendix 1: Description of the Solution and Technical Prerequisites as of the Effective Date

‍

Technical Prerequisites

Access: from a secure web browser - Safari, Chrome, Chrome, Firefox, Edge still receiving security updates (which is not at the end of life)

‍

Functional description of the Solution

• Feedback of order and package information from the e-commerce back office to Shipup
• Retrieving package tracking information by Shipup from carriers
• Generation of follow-up notifications by Shipup
• Package tracking page
• Viewing information in the Shipup back office

‍

Appendix 2 - SLA - Service Level Agreement and Security Policy

‍

1. Service Level Agreement

This SLA describes Shipup's obligations regarding the level of the Application Service under the Agreement. Shipup may modify the various elements presented below, in particular with regard to hosting, provided that these changes do not lead to a decrease in the quality of the Application Services.
The SLA takes effect from the date of Opening of the Service.

1. Lodging

Accommodation is provided by a provider (s) selected by Shipup.

On the Effective Date: Google (hosting site located in Belgium in the European Union) which uses Google Cloud technology.

The operations of these data centers have been accredited under the following standards and reports:

● ISO 27001 standard
● SOC 1 (Type 2), SOC 2 (Type 2), SOC 3 reports ● PCI standard

The Customer can find the documentation relating to compliance by clicking on this link: https://cloud.google.com/security/

Shipup reserves the right to select other hosts as additional or alternative hosts, subject to the provisions of articles 5, 6 and 11 of Annex 3 and that such change does not lead to a decrease in the quality of the Application Service.

2. Notifications and response times

The following service levels are guaranteed by Shipup within the limit of the type of problem that affects the proper functioning of the Shipup software. For each criticality level, first response times, resolution times and partner update targets are identified.

The Customer must inform Shipup by email at support@shipup.co within 30 days following the end of the calendar month in which the Incident occurred (end of month + 30 days). For example, for an incident that occurred on 15 February, all the necessary information should be sent before 31 March by email to support@shipup.co.

The Customer must submit his complaint with all the information necessary to allow Shipup to process the Incident, including in particular the detailed description of the Incident.

The working hours of the Support team are from 9 am to 6 pm from Monday to Friday CET.

In the absence of notification of the Incident within the abovementioned deadlines, the Customer will be deemed to have accepted the factual situation and renounces any claim or recourse relating to this Incident.

3. Solution Availability; Service Levels

Principle: Shipup makes its best efforts to ensure that the Application Service is available twenty-four (24) hours a day, seven (7) days a week (7), to the exclusion of any unavailability resulting from:

1. a scheduled maintenance operation: Shipup provides a general maintenance update to resolve minor Solution anomalies, and undertakes other routine maintenance tasks in relation to the Application Service;

Shipup undertakes to make its best efforts to notify the Customer forty-eight (48) hours before any intervention.

2. an urgent or exceptional maintenance operation: in order to remedy the problems related to the provision of the Application Service to other customers, Shipup may be forced to carry out emergency interventions on the Shipup server, and to interrupt the availability of the Application Service, for which prior information is not possible, for which prior information is not possible; it being understood that as far as possible, Shipup will always make its best efforts to inform the Customer of these emergency interventions in advance;
3. any failure or disruption caused in whole or in part by an act, omission or failure of the Customer, a User, or a third party (other than Shipup's subcontractors), including any failure or disruption caused by denial-of-service attacks or distributed denial-of-service attacks;
4. any failure or disruption attributable in whole or in part to a Force Majeure Event, as defined in article 18 of the Contract, or any problem with the Customer's Internet network or connection, or with the Customer's Environment used to access the Solution;
5. any preventive measure taken to counter denial of service attacks that cause an interruption of the Application Service.

Any connection to the Application Service will be considered as proof of the availability of the Application Service.

At any time, the Customer will have direct access to a self-service portal indicating the percentage of current and historical monthly availability of the Solution (portal link: https://status.shipup.co/).
Shipup guarantees the availability of its software at any time (24 hours — 7 days a week — 365 days a year) with a service availability rate of 99.9%.

Shipup guarantees a monthly uptime of 99.9% for each of the following services:

• Public API
• Webhooks
• Back office
• Email Sending to Online Shoppers

In the event of an interruption of service, Shipup guarantees the intervention of a technician and the resolution of the interruption within the deadlines mentioned below.

Shipup guarantees that the service levels mentioned below allow the daily operation of the Shipup software by the customer and will not impact the operation of the partner's website.

Response time percentage: 90% of daily API requests respond in less than 400ms.

Carrier events: Carriers may need to technically change the way in which delivery data is retrieved. We closely monitor all supported carrier connections and investigate possible problems the same day we are alerted. We inform impacted customers within 48 hours.

Periods of unavailability related to a Maintenance operation or to the use of a Beta Version, as defined herein, are expressly excluded from the calculation of the 99.9% availability rate.

“Maintenance” refers to any planned update or technical intervention carried out by Shipup on the Solution, including in particular corrective updates, technical developments or performance optimizations. To be qualified as planned maintenance, prior notification must be sent to the Customer.
This notification will go through the self-service portal (portal link: https://status.shipup.co/).

“Beta Version” means any product, service, feature, or component of the Solution made available by Shipup for testing, evaluation, or demonstration purposes, in an unfinalized state of development. Beta Releases may be incomplete, subject to frequent changes, and are not subject to any guarantee of availability, performance, or service level compliance (SLA).

2. Security policy

• Development and operations

Shipup makes secure connections via the HTTPS protocol (SSL/TLS) to and from the Infrastructure, including our websites and APIs, to ensure that Customer Data remains encrypted during transmission. This means that Customer Data is encrypted using the 256-bit AES encryption algorithm, and is not disclosed over the network. As part of its test, SSL Labs gives Shipup an “A” grade.

Shipup operations teams develop and monitor incident action plans for security and operational events.

Shipup will detect and log intrusions into the Infrastructure to prevent and report any unauthorized access attempts.

Shipup engineers peer review the code for security issues before the code goes into production. They follow the best security practices and guidelines from the OWASP online community.

Shipup isolates its processes in various environments such as development, pre-production, and production.

• Data security and backups

Personal Data provided by Customer is stored in databases that only allow a selected subset of employees to access it. Shipup has established proven processes to back up and restore all Shipup data and Customer Data. All Shipup databases are continuously duplicated in operational backup systems as well as in archiving systems. Shipup can switch to running backup systems or restore them from archive systems up to a set point in time.

• Network security

Firewall: Firewalls are used to limit access to systems from external networks and between internal networks. All access is by default denied and only explicitly authorized ports and protocols can benefit from it, based on commercial needs. Each system is assigned to a security group with a firewall based on the function of the system. Security groups limit access to only those ports and protocols that are necessary for a given system function to minimize the risk involved.

Minimizing denial-of-service attacks: Shipup works closely with its suppliers in order to quickly respond to events and to allow for optimized controls to minimize denial of service attacks, if necessary.

Protections against mystification and sniffing: Once managed, firewalls prevent IP addresses, MACs, and ARP from being spoofed across the network and between virtual hosts to ensure that spoof is prevented. Packet sniffing is prevented by the Infrastructure, in particular by the hypervisor, which will not route traffic to a non-recipient interface.

• System security

System configuration: system configuration and consistency are ensured through familiar and up-to-date configuration management images and software, and by replacing systems with up-to-date devices.

System authentication: access to operating systems is limited to Shipup personnel and requires authentication using an identifier and a key. Operating systems do not allow password authentication, in order to avoid brute-force attacks, theft, or transmission of passwords.

Vulnerability Management: Shipup is notified of vulnerabilities through internal and external assessments, system patch checks, and third-party mailing lists and services. Each vulnerability is studied to determine if it applies to the Shipup environment, classified according to risk and assigned to the appropriate team to remedy it.

• Disaster recovery

Shipup's Infrastructure is designed to ensure stability and scale, and inherently minimizes the usual issues that lead to outages, while maintaining its recovery capabilities. The Infrastructure maintains redundancy in order to prevent individual points of failure. In the event of a failure, backup and backup systems can resume operations. In the event of a catastrophic failure, systems can be recovered from backup copies.

‍

Appendix 3 - Personal Data Processing

The purpose of this appendix is to define the conditions under which Shipup undertakes, in its capacity as a Subcontractor, to perform on behalf of the Customer the Personal Data processing operations defined below in accordance with its instructions as set out herein and as part of the provision of the Application Service.

‍

1. Definitions

For the purposes of this appendix and notwithstanding any other definition provided for in the Contract, the following capitalized terms, whether singular or plural, have the following meaning:

” Person Concerned ”: any identified or identifiable natural person whose Personal Data concerning him or her is subject to Processing. An “identifiable natural person” is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity, or to one or more elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity.

” Data Controller ”: any entity determining the purposes and means of the Processing, unless expressly designated by legislative or regulatory provisions relating to this Processing. The Customer acts, in application of this Agreement, in the capacity of Data Controller.

” Subcontractor ”: an entity processing Personal Data on behalf of, on instructions and under the authority of the Data Controller. Shipup acts, pursuant to this Agreement, as a Subcontractor.

” Treatment ”: any operation or any set of operations carried out or not carried out using automated processes and applied to Personal Data or sets of Personal Data, such as collection, registration, organization, structuring, storage, adaptation or modification, adaptation or modification, adaptation or modification, extraction, consultation, modification, extraction, consultation, modification, extraction, consultation, use, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, adaptation or modification, adaptation or modification, extraction, consultation, modification, extraction, consultation, modification, extraction, consultation, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, adaptation or modification, adaptation or modification, extraction, consultation, modification, extraction, consultation, modification, extraction, consultation, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, adaptation or modification, adaptation or modification, or destruction.

” Personal Data Breach ”: a security breach resulting, in an accidental or unlawful manner, in the destruction, loss, alteration, unauthorized disclosure of Personal Data transmitted, stored and/or processed in another way, or unauthorized access to such Data.

The other terms used in this Annex will have between the Parties the meaning given to them by Article 4 of the GDPR.

‍

2. Treatment Description

Shipup is authorized on behalf of the Customer to process the Personal Data necessary to provide the service (s) defined in the Contract.

By default, the execution of the object of the Contract as well as the use of the Application Service and its Features constitute the instructions documented by the Customer.

In addition, any additional instructions regarding Shipup Processing must be sent by the Customer in writing.

Additional documented instructions from the Customer will be borne by the Customer and will be processed subject to their technical and organizational feasibility and unless otherwise expressly stated in the Contract.

The methods relating to the Treatment are more precisely defined in the following tables A and B:

3. Fate of Personal Data

At the end of the Contract, and regardless of the cause, Shipup undertakes to destroy and/or return - under the conditions provided for in article 20.4 of the General Conditions - the Personal Data provided by the Customer under the Contract, at the Customer's request in writing, at the latter's written request, except for applicable legal obligations.

‍

4. Obligations of the Customer

The Customer undertakes to:

• provide Shipup with all the data it needs to fulfill its obligations as set out in the Contract in a timely manner, and is responsible for the quality of the Personal Data transmitted to Shipup;
• immediately inform Shipup of any error or irregularity of which it is aware in connection with Personal Data protection measures or of its instructions when examining the results of the mission entrusted to Shipup;

In general, the Personal Data provided by the Customer to Shipup remains under its sole responsibility. The Customer guarantees Shipup that it complies with its obligations under Personal Data Protection Laws and Regulations. As such, the Customer guarantees Shipup against any recourse, complaint or claim from a natural person, whose Personal Data would be processed under the Contract and which would result from a failure by the Customer or a third party to comply with one of the obligations under the Laws and Regulations on the Protection of Personal Data.

‍

5. Shipup's obligations towards the Customer

Shipup is committed to:

• process Personal Data only for the sole purpose (s) that is/are the subject of the subcontracting;
• process Personal Data in accordance with the Customer's documented instructions as defined in this appendix. If Shipup considers that an instruction constitutes a violation of the RGPD or any other provision of Union law or Member State law relating to the protection of Personal Data, it shall immediately inform the Customer. Shipup will be authorized to suspend the execution of said instruction until confirmed or amended by the Data Controller. In addition, if Shipup is required to transfer Personal Data to a third country or to an international organization, under European Union law or the law of the Member State to which it is subject, it undertakes to inform the Customer before Processing, unless the law concerned prohibits such information for important reasons of public interest;
• guarantee the confidentiality of Personal Data processed under this Agreement;
• ensure that persons authorized to process Personal Data under this Agreement:
  
  • are committed to maintaining confidentiality or are subject to an appropriate legal obligation of confidentiality
  • receive the necessary training in the management of Personal Data
• take into account, with regard to its tools, products, applications or services, the principles of personal data protection by default;

‍

6. Subsequent subcontracting

The Customer authorizes Shipup to use another subcontractor (hereinafter, “the Subcontractor”) to carry out specific Processing activities. In this case, Shipup will in any event remain responsible to the Customer for the proper execution of the Contract.

The appendix setting out the list of Shipup's Subcontractors is available at the Customer's request.

Shipup undertakes to use only Sub-Processors who offer sufficient guarantees as to the implementation of appropriate technical and organizational measures in accordance with Personal Data Protection Laws and Regulations.

Shipup undertakes to inform the Customer of any planned changes concerning the addition or replacement of Subcontractors as soon as possible.

The Customer has a period of ten (10) Business Days from the date of receipt of this information to present his objections in writing. The Customer acknowledges and accepts that the absence of objection within this period is equivalent to acceptance by the Subcontractor. In the event of an objection, Shipup has the possibility to respond to the Customer to provide information likely to remove these objections. If the Customer maintains its objections, the Parties undertake to meet and discuss in good faith concerning the continuation of their relationship. In the absence of agreement by the Parties, the Customer has the option of terminating the Contract with immediate effect.

‍

7. Personal Data Breach Notification

‍

Shipup undertakes to notify the Customer of any Personal Data Breach under the Contract as soon as possible after becoming aware of it by email to the Customer's DPO or, failing that, to the contact person designated by the Customer.

This notification will be accompanied by any useful documentation in order to allow the Customer, if necessary, to notify the said Personal Data Breach to the competent supervisory authority and/or to the Data Subjects.

‍

8. Exercise of the rights of the Persons Concerned

Given the nature of the Processing, Shipup will help the Customer, as far as possible, to fulfill the Customer's obligation to respond to requests to exercise the rights of Data Subjects. Insofar as a Data Subject consults Shipup directly about the exercise of one of his rights, Shipup will send these requests upon receipt by email to the Customer's DPO or, failing that, to the contact person designated by the Customer or to the email address used by the Customer to create his account on the Application Service.

In general, and to the extent that Shipup receives any complaint, request, request or communication from a Data Subject, a supervisory authority or any third party, regarding the Processing of Personal Data or the compliance of either Party with Personal Data Protection Laws and Regulations under the Contract, Shipup will send these requests to the Customer upon receipt, by email to the DPO of the Customer or to the contact person designated by the Customer or to the email address used by the Customer to create an account on the Application Service.

‍

9. Security measures

Shipup is committed to implementing and maintaining technical and organizational measures taking into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks, which vary in degree of probability and severity, for the rights and freedoms of natural persons, as well as the risks, which vary in degree of probability and severity, for the rights and freedoms of natural persons.

In this context, Shipup is committed in particular to implementing the means to guarantee the confidentiality, integrity, availability, and constant resilience of Processing systems and services under the Contract.

‍

10. Impact analyses

As far as possible, and taking into account the nature of the Processing, Shipup undertakes to assist the Customer in carrying out impact analyses relating to the protection of Personal Data relating to the Treatments carried out in the framework of the execution of the Contract.

This reasonable assistance should only be provided to the extent that the Customer cannot access the information concerned by other means.

Thus, if the Customer requests it, and with a notice period of ten (10) Business Days, Shipup undertakes to provide the Customer with all the useful documentation, in its possession and not protected by any intellectual property right, to enable it to carry out its impact study.

Any request for additional assistance will be subject to a price under the conditions applicable on the date of the request.

In order to remove any ambiguity, it is recalled that carrying out and updating the Customer impact study is not the responsibility of the Subcontractor.

11. Cross-border Personal Data Flows

In the event that Shipup wishes to carry out transfers of Personal Data to a third country, not belonging to the European Union, or to an international organization, the Customer authorizes it to do so subject to guaranteeing a level of protection of Personal Data equivalent to European legal requirements and to supervise such transfer in accordance with applicable regulations.

The data controller hereby consents to the subcontractor entering into any agreement or taking any measures, in particular in the name and on behalf of the data controller, in order to establish and ensure an appropriate level of data protection when transferring personal data to a subsequent subcontractor located outside the European Economic Area. If the EU standard contractual clauses apply, the Customer expressly mandates Shipup to sign these standard contractual clauses in the name and on behalf of the Customer. The Contract is thus equivalent to the power conferred by the data controller on the subcontractor.

12. Compliance; audit

Within the limit of one (1) audit for two annual periods and with a notice period of thirty (30) Business Days - provided that Shipup has previously requested information in writing from Shipup to demonstrate compliance by the latter with its obligations as a Subcontractor and if the answers do not seem sufficient (except in the case of an imminent risk relating to the security of Personal Data) - the Customer may notify Shipup of its obligations as a Subcontractor and if the answers do not seem sufficient (except in the event of an imminent risk relating to the security of Personal Data) Pupup by registered letter with acknowledgement of receipt, a request for a compliance audit on site, relating to the processing of Personal Data under the duly substantiated Contract and in which the Customer will designate the appointed auditor, the agreed date, the number of hours or days that will be necessary to carry out the audit, the site on which the audit will take place and the scope of intervention of the auditor. In order to remove any ambiguity, it is specified that the scope of the on-site audit will be strictly limited to Shipup processes allowing the Treatments to be carried out in its capacity as a Processor of the Treatments entrusted by the Customer under the Contract.

The appointed auditor must be an independent auditor, be professionally recognized in his field, and not be a direct or indirect competitor of Shipup. The auditor must be subject to a written confidentiality agreement concluded prior to the start of the audit.

The appointed auditor must not interfere with Shipup's business during the conduct of the audit, which can only be carried out during the business hours of Shipup, which will provide assistance to the auditor, within a limit of two (2) man-days, per audit.

The Customer shall bear all costs incurred by the audit, including without limitation the auditor's fees, and reimburses Shipup for all expenses and expenses incurred by this audit, including those corresponding to the time spent on the audit by Shipup staff beyond the two (2) man-days referred to above, based on the average man-day rate of Shipup staff who collaborated in the audit.
The Customer undertakes to communicate the results of the audit to Shipup, and if it is found that Shipup does not comply with its obligations under the regulations in force applicable to the Processing of Personal Data, Shipup will take all necessary measures to remedy it and will inform the Customer of the measures taken in this respect. The Parties acknowledge that all reports and information obtained as part of this audit are Confidential Information.

‍

Appendix 4 — Financial conditions specific to the payment service (payment by bank card or by SEPA direct debit mandate via Stripe)

‍

1. Payment terms

The payment services offered by Shipup (online payment by bank card and payment by SEPA direct debit mandate) take place through the payment provider chosen by Shipup, namely Stripe (and its affiliated companies).

Payment processing by Stripe is certified in accordance with the PCI/DSS level 1 standard developed by the PCI Security Standards Council, and implements a rigorous system to ensure the security of Customers' payment data, via the encryption of payment data (in particular the entry of the Customer's bank card number as well as its expiration date and cryptogram taking place on a highly secure Stripe page).

‍

2. Credit card payment methods

Shipup does not store any card numbers.

Once the Customer's banking information has been filled in, a request for authorization to debit is sent by Stripe to the payment card issuer, in order to validate the payment. In this context, the card issuer who authorizes the debit of the bank account corresponding to the said card up to the agreed amount.

Following the validation of the transaction by the Customer, a transaction number is assigned to the Customer, who can find this number on his bank account statement.

In the event of refusal of payment by the banking payment center concerned, the Customer will be informed by email and must resolve the problem with the issuer of his payment card, verify and/or update the information relating to his payment and proceed with a new payment attempt.

The Customer's payment data recorded by the payment service provider's payment system constitutes proof of financial transactions carried out by bank card.

‍

3. SEPA direct debit payment methods

The Single Euro Payments Area (SEPA) is an initiative of the European Union aimed at simplifying payments within its member countries. They have established and imposed banking standards to allow bank withdrawals from all bank accounts denominated in euros within the SEPA region.

To be able to debit an account, Shipup must collect the Customer's name and account number in IBAN format. Upon confirmation of payment, the Customer is required to accept the SEPA mandate generated by Stripe that will be provided to him by Shipup and which gives authorization to Shipup to debit his account up to the agreed amount. The Customer guarantees Shipup the validity of the information provided. The Customer guarantees Shipup the validity of the information provided, and authorizes Shipup to debit his account up to the agreed amount.

SEPA Direct Debit is a reusable payment method with delayed notification (i.e. it may take up to fourteen (14) working days before Shipup receives a notification about the success or failure of a payment after initiating a debit from the Customer's account).

Before collecting the amounts, Shipup will inform the Customer by email of the date on which the Customer's account will be debited, the amount of the debit, the mandate reference number and the Shipup identifier.

‍

4. Refusal; fraudulent use

Shipup reserves the right to refuse, condition or suspend any transaction that is (i) abnormal, erroneous, suspicious, conducted in bad faith; (ii) unauthorized, fraudulent, illegal or exposing Shipup or third parties to risks.

If Shipup suspects that the Customer is using the payment service for unauthorized, fraudulent or illegal purposes, it may share any information related to this activity with the financial institution concerned and/or any appropriate organization in accordance with its legal obligations.

‍

5. Declarations and warranties

The Customer guarantees:

• be the holder of the payment card or be authorized to use the payment services, and in particular with regard to its representative, have the legal authority necessary to proceed in the name and on behalf of the entity referred to at the top of this document;
• not to use the payment service, directly or indirectly, for fraudulent or illegal purposes, or in any way that interferes with the normal functioning of said service.

In addition, the Customer acknowledges that the Payment Services are not infallible and that there is a risk of failure of payments made in this way.

‍

6. Specific responsibilities of the Customer in the context of the payment service

The Customer is solely responsible for:

• information provided as part of the Subscription Form and in particular information relating to payment (including address details as part of the SEPA transfer), which must be accurate and complete, and regularly kept up to date;
• the consequences of their incorrect or incomplete nature, Shipup having no control over the content of the payment data, and cannot be held responsible as such. In particular, in the context of the SEPA direct debit, if the start fails or is cancelled for reasons attributable to the Customer (in particular due to insufficient credit or incorrect account information), the latter remains responsible for the payment of the amount due, as well as for all related applicable fees (bank fees, processing fees, etc.)
• of its use of the payment service and of its subscription to the Services.

‍

7. Shipup's Exemption from Liability

Shipup cannot under any circumstances be held responsible to the Customer:

• any irregular or fraudulent activity or declaration by the Customer in connection with the use of the payment service;
• any fraudulent or unauthorized transaction by the Customer or carried out by a third party without his knowledge in the context of an illicit appropriation of his payment data, in particular in the case of phishing (theft of an access code to an online bank account, with or without the use of false documents) or a carding operation (for example, bank card theft) resulting from an organized gang scam;
• any loss generated for any irregular or fraudulent activity or transaction by the Customer;
• in the event that the payment service provider and/or a supplier of the payment or electronic banking chain is faulty, for example, and without limitation, the GIE Carte Bancaire payment acceptance networks, the servers of the Visa, Mastercard and SEPA acceptance systems, the servers of the Visa, Mastercard and SEPA acceptance systems;
• in the event that the internet hosts of payment systems are victims of massive fraud, attacks requiring a cut of the service to stop a massive and organized attack;
• in the event of a global failure of Internet communication systems making remote payments indirectly impossible;
• in the case of a unilateral service outage at the request of GIE Cartes Bancaires, Visa, Mastercard or SEPA;
• in the case of a judicial requisition ordering the immediate closure of the payment service;
• in the event that the functionalities of the payment service prove to be incompatible with certain equipment and/or functionalities of the Customer's computer hardware, and/or in general,
• in any other case beyond Shipup's control.